“Special Offer, limited time, receive a 2% reward for your personal data! Hurry, offer only good while funding lasts!”
California’s Attorney General recently held a Data Privacy Day1 to draw more attention to the consumer data rights enshrined in the California Consumer Privacy Act (CCPA).
As you suppress a yawn, consider the mail that accompanied this event; State Government notices were sent to businesses that operate loyalty programs, reminding them of their responsibilities as they use customer’s personal information. Letters were sent to companies running loyalty programs in retail, home improvement, travel, and food services industries, giving them 30 days to cure data misuse and come into compliance with the CCPA.
If you offer a loyalty program to your customers, this should grab your attention as California sets trends in the consumer protection world, as does the European Union through GDPR.
California has recognised that organisations make money from collecting and using customer personal information and many reimburse the customer for its collection by offering “…financial incentives, such as discounts, free items, or other rewards….”. In other words, Loyalty Programs.
This makes loyalty programs a financial product under the Act and imposes a requirement for operators to provide consumers with a notice of financial incentive. A quote from the authority;
“The notice of financial incentive must clearly describe the material terms of the financial incentive program, be readily available before a consumer opts in, and inform consumers that they may opt-out at any time. Specifically, a business must include the following in the notice:
- A succinct summary of the financial incentive or price or service difference offered.
- A description of the material terms of the financial incentive or price or service difference, including the categories of personal information that are implicated by the financial incentive or price or service difference and the value of the consumer’s data.
- How the consumer can opt-in to the financial incentive or price or service difference.
- A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right.
- An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data, including:
- A good-faith estimate of the value of the consumer’s data that forms the basis for offering the financial incentive or price or service difference.
- A description of the method the business used to calculate the value of the consumer’s data.”2
Would you be able to estimate the value of the data you collect from your program members?
Would you be comfortable sharing the way you calculate its value with your members?
Would you be comfortable publishing the percentage of the member’s spending your program returns as a reward?
The Australian Attorney General is currently undertaking a review of the nation’s Privacy Laws, we believe the result will be laws that are closer in content to the European GDPR requirements, and the Australian Competition and Consumer Commission has reviewed the privacy implications of Australian Loyalty Programs in 2020. Could this release from California be a portent of similar notices to come from Canberra?
The Californian regulator writes, “On Data Privacy Day, we’re issuing notices to business that operate loyalty programs and use personal information in violation of California’s data privacy law. I urge all businesses in California to take note and be transparent about how you’re using your customer’s data. My office continues to fight to protect consumer privacy, and we will enforce the law.” 3